bootp

Adam bsdx@looksharp.net
Tue, 25 Jul 2000 19:08:36 -0400 (EDT)


On 25 Jul 2000, Ben Pfaff wrote:

>Adam <bsdx@looksharp.net> writes:
>
>> You might want to check if there is some way to tune if your machine
>> responds to broadcast pings, and turn it off for security's sake before
>> you get back on any hostile networks :P
>
>But would it do any good?  There's two possibilities, as I see
>it, here:
>
>	1. MSU[1] has firewalled out such broadcast pings at
>           their outside-world router.

It still leaves the possibility for inter-network broadcast flood exploits
to go on.  You could be amazed what one computer's ping flood can do to
another weak Pentium with a less than efficient network card.. what about
if it was directed to something with a smaller link within "their
outside-world router", perhaps at mich.net dialups or a building still on
10base2?  A disgruntled student with a grudge against a department or a
person in one?  A person new to the network, unaware of general network
courtesy or ignorant of the Acceptable Use Policy, doing things they
shouldn't? (Yes, I'd like to believe they are non-existent or rare.)
Being a willing or unwilling participant in a possible exploitation scheme
using your machine seems like a bad idea in any situation..

>
>	2. MSU has not done so.  I am practically the only person
>           on campus to turn off responses to such pings.

Perhaps the only one to turn them off.. I doubt the only one to *have* them off
afterwards.  In the age of websites like ORBS and other "these guys are
possibly bad" websites, I'd want to try to keep my machines working as
much for me and as little for other people as I can on the internet today.

http://users.quadrunner.com/chuegen/smurf/ has links about the issue,
including information about the defaults of OS's towards broadcast pings
and how to change the default.  

>           Everyone else is using the default settings.
>           Therefore, my changing my settings has no real effect
>           on the results of such a DoS attack attempt, whether
>           the defaults are to respond or not.

You obviously champion Linux and GNU software because they are good things
for the computer community.  You use it because it's good for you, and you
tell others to use it because you think it would be good for them
too.  Why would you not do something like disabling broadcast pings
that is good for the other 2^16 IPs on the internet?  And if you did it,
wouldn't you want to tell others to, so they could do it too?

Wouldn't you like to have a proverbial star on your forehead for
"I don't respond to broadcast pings" next to the ones for "I use ssh", "I
use tcp wrappers", "I use procmail", "I report spammers to proper
authorities" and "I use a Free Operating System"? :)  They are all just a
drop in the bucket compared to the rest of the world, but they all make it
better in some way, IMHO.

>
>[1] The only "hostile" network I ever have a machine sitting on.
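As an added defender-side example (not code from this thread or from the smurf page it links), here is a small Python detector that picks ICMP echo requests addressed to a network's broadcast address out of a constructed packet sample, the kind of traffic a host that still answers broadcast pings would reflect. The network 192.0.2.0/24 and all addresses are assumed documentation-range values.

```python
import ipaddress
import struct
from collections import Counter

def build_icmp_echo(src, dst, icmp_type=8):
    """Constructed sample: a minimal IPv4 packet carrying an ICMP echo (checksums left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    icmp_hdr = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1)
    return ip_hdr + icmp_hdr

def parse_echo_request(packet):
    """Return (src, dst) for an IPv4 ICMP echo request, or None for anything else."""
    if len(packet) < 28 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:      # protocol 1 = ICMP, need 8-byte ICMP header
        return None
    if packet[ihl] != 8:                             # ICMP type 8 = echo request
        return None
    return ipaddress.IPv4Address(packet[12:16]), ipaddress.IPv4Address(packet[16:20])

def broadcast_echo_sources(packets, network):
    """Count echo requests aimed at the network's directed-broadcast (or limited-broadcast) address.

    The key is the packet's claimed source. In a smurf flood that address is spoofed and
    belongs to the victim, so a high count tells you whom your hosts would be reflecting at.
    """
    net = ipaddress.IPv4Network(network)
    targets = {net.broadcast_address, ipaddress.IPv4Address("255.255.255.255")}
    hits = Counter()
    for pkt in packets:
        parsed = parse_echo_request(pkt)
        if parsed is not None and parsed[1] in targets:
            hits[str(parsed[0])] += 1
    return hits

# Constructed sample capture on the (documentation-range) network 192.0.2.0/24.
SAMPLE_PACKETS = [
    build_icmp_echo("198.51.100.7", "192.0.2.255"),      # echo request to directed broadcast
    build_icmp_echo("198.51.100.7", "192.0.2.255"),
    build_icmp_echo("198.51.100.7", "192.0.2.255"),
    build_icmp_echo("192.0.2.10", "192.0.2.20"),          # ordinary unicast ping, ignored
    build_icmp_echo("192.0.2.20", "192.0.2.255", icmp_type=0),  # echo *reply*, ignored
    b"\x60" + b"\x00" * 39,                               # IPv6-looking junk, ignored
]

if __name__ == "__main__":
    for victim, count in broadcast_echo_sources(SAMPLE_PACKETS, "192.0.2.0/24").items():
        print(f"{count} broadcast echo requests claiming to be from {victim}")
```

Run against a real capture, the same check tells you whether your segment is being used as an amplifier before the complaint from the spoofed victim arrives.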